[Security] Reminder :: Draft feedback on "C2C authentication using TLS"
js-xmpp-security at webkeks.org
Mon Aug 25 05:16:33 CDT 2008
Am 25.08.2008 um 12:05 schrieb Dirk Meyer:
> But where to put the fingerprint? IMHO that is needed to know if we
> can use that mechanism. The information that the other side supports
> X.509 is useless when I have no way to verify the key. The only option
> I see it the 'name':
> <item jid='urn:xmpp:c2ctls:x509'
> Looks kind of strange. On the other hand, the fingerprint is some sort
> of name of the certificate.
Can you please explain me why you want a fingerprint there? That's
totally useless IMO, the server could forge that.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: This is a digitally signed message part
Url : http://mail.jabber.org/pipermail/security/attachments/20080825/d71109a4/attachment.pgp
More information about the Security